Eric Schmidt on Secrecy and Security
From Information Week:
InformationWeek: What about security? Have you been paying as much attention to security as, say Microsoft—you can debate whether or not they've been successful, but they've poured a lot of resources into it.
Schmidt: More people to a bad architecture does not necessarily make a more secure system. Why don't you define security so I can answer your question better?
InformationWeek: I suppose it's an issue of making the technology transparent enough that people can deploy it with confidence.
Schmidt: Transparency is not necessarily the only way you achieve security. For example, part of the encryption algorithms are not typically made available to the open source community, because you don't want people discovering flaws in the encryption.
Actually, he's wrong. Everything about an encryption algorithm should always be made available to everyone, because otherwise you'll invariably have exploitable flaws in your encryption.
My essay on the topic is here.
Posted on May 31, 2005 at 1:09 PM • 10 Comments